Snort (Intrusion Detection System) FAILED

yuex

Snort (Intrusion Detection System) not working...

/etc/init.d/snort restart FAILED

How to fix

Thanks

ffischer

Need some more information

maybe if exist, post the Logfile /var/log/snort

greets

yuex

/var/log/snort/snort.log.1240849907

http://rapidshare.com/files/226680475/snort.log.rar

Thank you very much

ffischer

Cant read file correct.

Code

ÔÃ??          ê     ûÝõI&U >   >   E  >Á@ ~
?
P?,Ï~e'µzÌ? =Õð?PÿTµ_  ã   X5	1?Xz,óç?aÝÅO>üÝõIX? >   >   E  >Ý@ ~
?
P?,Ï~e'µzÌ? =ÕðþPÿ
µR  ã   O5	1?Xz,óç?aÝÅO>þÝõIh >   >   E  >)@ ~
o

please Post var/log/snort "alert" file and var/log/messages

yuex

okey

http://rapidshare.com/files/226684683/endian.rar

ffischer

think you have a problem with your Firewall

much entrys with

Code

Apr 28 06:19:12 firewall syslog-ng[1235]: Error opening file for writing; filename='/var/log/firewall', error='Is a directory (21)'

Check your snort Config,
uncheck all Network and try to use only "red"

what kind of firewall Appliance .. Ccommunity ? Wich version?

yuex

Endian Firewall Community release 2.2.rc3

not working again

I am send to snort.conf

ffischer

on wich Network you have snort enabled ?
on all.
maybe try to check if any interface do this Problem.